Friday, September 21, 2018

End-User Education


 “People are the weakest link in the cybersecurity chain.”


Mainly due to a lack of awareness, users and employees frequently open the virtual gates to attackers.

An end user is the human individual who uses any computing-enabled device or appliance.

The majority of security incidents are the result of human error and ignorance, not malicious intent. It is therefore critical to focus significant effort on education and awareness to reduce these occurrences.

Best practices in this area include:


Awareness programs that combine some basic training with ongoing awareness campaigns.

Promote an incident reporting culture.

Online courses covering the essentials of security awareness.

Consider sending flash cyber threat advisories to end users who may be targeted.

Run simulated phishing exercises, then use them as a learning tool.

Gamify your security awareness training and make it mobile friendly.

End-user feedback. If users are expected to become good cybersecurity citizens, then the security team should keep them up to date on how they are doing.

Helpful Terms


Phishing - An attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication.

Business continuity management (BCM) - Preparing for and maintaining continued business operations following disruption or crisis.

Spyware - Malware that passes information about a computer user’s activities to an external party.

Virus - Malware that is loaded onto a computer and then run without the user’s knowledge.

End users cannot be made 100% perfect from an IT risk standpoint, but they can be trained and supported with awareness and regular guidance.

If you have stuck with it this far, you have had a good introduction to cybersecurity. Now for the fun parts!!!


Up Next: Hacking



